Hi,
From this comment:
https://github.com/phpmyadmin/phpmyadmin/commit/fb14e92d62a1d9990bfd4d779702...
I find that if I save a bookmark whose label is "<script>alert("XSS");</script>", it runs when I click the SQL tab. Is it safe enough? Should we add htmlspecialchars() to the functions that include INSERT queries (e.g. PMA_Bookmark_save)?
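
The two places the message considers for htmlspecialchars(), side by side, as an added example that is not part of the original message and not phpMyAdmin code. The helper names and the `<option>` markup are hypothetical, and the labels are constructed sample values.

```php
<?php
// Added example: hypothetical helpers, not phpMyAdmin functions.

// Constructed sample: the label from the message, as it sits in the bookmark table.
$storedLabel = '<script>alert("XSS");</script>';

// Vulnerable pattern: the stored label is concatenated into markup unchanged,
// so the browser parses it as a script element.
function render_option_unsafe(int $id, string $label): string
{
    return '<option value="' . $id . '">' . $label . '</option>';
}

// Hardened pattern: encode at the point of output, for the HTML context.
function render_option_safe(int $id, string $label): string
{
    return '<option value="' . $id . '">'
        . htmlspecialchars($label, ENT_QUOTES, 'UTF-8')
        . '</option>';
}

// Alternative raised in the message: encode before the INSERT instead.
function encode_for_storage(string $label): string
{
    return htmlspecialchars($label, ENT_QUOTES, 'UTF-8');
}

// 1. Raw label reaches the page as live markup.
echo render_option_unsafe(1, $storedLabel), PHP_EOL;

// 2. Same label, encoded on output: shown as text, not executed.
echo render_option_safe(1, $storedLabel), PHP_EOL;

// 3. Encoding at insert and again at output double-encodes the label,
//    so a legitimate label is displayed with visible entity text.
echo render_option_safe(2, encode_for_storage('Tom & "Jerry"')), PHP_EOL;

// 4. Encoding only at insert leaves rows saved before the change untouched;
//    an output path without encoding still emits them as markup.
echo render_option_unsafe(3, $storedLabel), PHP_EOL;
```

Encoding at output covers every row regardless of when or how it was written, which insert-time encoding cannot guarantee.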